Dozens of companies in the U.S. and political parties in Australia have been targeted in recent attacks that appear to have state sponsorship. Officials say China and Iran appear to have escalated their online espionage campaigns, seeking to gather better intelligence and steal intellectual property.

Australian Prime Minister Scott Morrison on Monday declined to assign blame for cyberattacks that recently breached Parliament's networks, including the email archives of legislators. He also sought to assuage fears over possible interference with the upcoming federal election, which must be held before May 18 (see: Hack Attack Breaches Australian Parliament Network).

"Our cyber experts believe that a sophisticated state actor is responsible for this malicious activity," Morrison says in a video published by broadcaster ABC. "Let me be clear, though: There is no evidence of any electoral interference. We have put in place a number of measures to ensure the integrity of our electoral system."

Alastair MacGibbon, Australia's national cybersecurity adviser, says the government doesn't know who is behind the attacks or their intent, but is investigating. The quick remediation action undertaken after the attacks removed some of the forensic evidence, in an unfortunate, but necessary, turn of events, he says.

U.S. Targeted

In the U.S., dozens of corporations and government agencies have been hit by attacks that appear to have been carried out by Iran, The New York Times reports.

Those attacks have come in parallel with increased activity by China aimed at stealing intellectual property from military contractors and technology companies, the Times reports. Targets have included Boeing, General Electric Aviation and T-Mobile, it says, citing an intelligence report (see: Feds Urge Private Sector 'Shields Up' Against Hackers).

China's activity appears to abrogate an unprecedented agreement reached in September 2015 between former President Barack Obama and Chinese President Xi Jinping. The agreement forbids the theft of intellectual property via cyberattacks (see: U.S., China Reach Cyber Agreement).

The U.S. put much effort into that diplomatic solution, which appeared to temporarily convince China it should stop, says Tom Uren, senior analyst with the International Policy Centre at the Australian Strategic Policy Institute. But one question is whether China intended to abide by the agreement or develop better tools and techniques to mask its activity, Uren says.

"It kind of looks like the latter now," Uren says.

Australia: Target for Influence

Contributing to the tension is the trade standoff between the U.S. and China. President Donald Trump has imposed a variety of tariffs on Chinese goods in an effort to revamp trade rules.

Counting both imports and exports, China is Australia's No. 1 trading partner. As in many other regions, China has jostled for economic and political influence in Australia, including leasing Darwin Port and developing interests in agriculture and real estate.

"Australia has become a major target for Chinese espionage and influence operations, since China wants to peel Australia from the U.S. That may not sound doable, but they see no harm in trying."—James Lewis, CSIS

President Trump's foreign policies have caught many in the Western world off guard, creating opportunities for China to drive wedges between traditional allies.

"Australia has become a major target for Chinese espionage and influence operations, since China wants to peel Australia from the U.S.," Lewis says. "That may not sound doable, but they see no harm in trying."

Australia has taken a softer approach than the U.S. and not publicly laid blame for cyberattacks. Over the past few years, the U.S. has taken to the courts and sought criminal indictments against alleged Chinese, Russian and Iranian hackers, pursuing a confrontational tactic that has sought to at least embarrass attackers and the government agencies that employ them (see: US Again Indicts Chinese Intel Agents Over Hacking).

But attributing cyberattacks remains an often thorny and controversial undertaking. The indictments, however, demonstrate that U.S. prosecutors feel confident in their technical investigations. And Australia, facing its upcoming federal election, may need to consider sending stronger messages, says Steve Ledzian, vice president and CTO for FireEye in Asia-Pacific.

In January, amidst the government shutdown, the Department of Homeland Security advised government agencies to double-check their Domain Name System settings to guard against attacks that can open a door to effective social engineering attacks (see: DHS Issues More Urgent Warning on DNS Hijacking).

Changing a DNS record can mean that those browsing the web can be directed to fraudulent websites even if the precise URL has been entered in a browser window. Broader use of TLS/SSL certificates and certificate pinning can trigger warnings if this happens, but in some cases it may be hard to detect. Fiddling with a DNS record can also allow an adversary to spy on web traffic (see: Criminals, Nation-States Keep Hijacking BGP and DNS).
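The two checks described above, comparing live DNS records against a known-good baseline and comparing a presented certificate against a pin, can be sketched as follows. This is an added example, not code from the article or from DHS; the `agency.example` names, the documentation-range IP addresses and the byte strings standing in for certificates are all constructed.

```python
import hashlib

# Constructed snapshots in zone-file style: name, TTL, class, type, value.
BASELINE = """\
agency.example.      3600 IN NS ns1.agency.example.
agency.example.      3600 IN NS ns2.agency.example.
mail.agency.example. 300  IN A  192.0.2.25
www.agency.example.  300  IN A  192.0.2.10
"""
OBSERVED = """\
AGENCY.example.      3600 IN NS ns1.agency.example.
agency.example.      3600 IN NS ns2.agency.example.
mail.agency.example. 60   IN A  203.0.113.77
www.agency.example.  300  IN A  192.0.2.10
"""
HOSTNAME_TYPES = {"NS", "CNAME", "MX"}  # values that are case-insensitive names

def parse(snapshot):
    """Return {(name, type): set(values)}; TTLs are ignored, names lower-cased."""
    records = {}
    for line in snapshot.splitlines():
        fields = line.split()
        if len(fields) < 5 or line.lstrip().startswith(";"):
            continue  # skip blank, short and comment lines
        name, _ttl, _cls, rtype = fields[:4]
        rtype = rtype.upper()
        value = " ".join(fields[4:])
        if rtype in HOSTNAME_TYPES:
            value = value.lower().rstrip(".")
        key = (name.lower().rstrip("."), rtype)
        records.setdefault(key, set()).add(value)
    return records

def diff_records(baseline, observed):
    """List (name, type, removed, added) for every record set that changed."""
    base, obs = parse(baseline), parse(observed)
    findings = []
    for key in sorted(base.keys() | obs.keys()):
        removed = base.get(key, set()) - obs.get(key, set())
        added = obs.get(key, set()) - base.get(key, set())
        if removed or added:
            findings.append((key[0], key[1], sorted(removed), sorted(added)))
    return findings

def pin_matches(cert_der, pinned_sha256_hex):
    """True if the presented certificate's SHA-256 fingerprint equals the pin."""
    return hashlib.sha256(cert_der).hexdigest() == pinned_sha256_hex.lower()

if __name__ == "__main__":
    for name, rtype, removed, added in diff_records(BASELINE, OBSERVED):
        print(f"CHANGED {name} {rtype}: removed={removed} added={added}")
```

The diff ignores TTL and letter-case differences, so only the changed `mail` address is reported; the pin check here uses a whole-certificate fingerprint, one of several pinning schemes.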

Also related to Iran, the U.S. intelligence community was rocked once again when an indictment, unsealed last week, charged a former servicewoman with helping Iranians target U.S. intelligence agents with cyberattacks (see: US Air Force Veteran Charged in Iran Hacking Scheme).

Four Iranian men along with a former Air Force servicewoman were charged in a hacking scheme that targeted military members. (Source: FBI)

Monica Elfriede Witt, a 39-year-old former Air Force counterintelligence agent, is accused of helping four Iranians with background information to aid spear-phishing attacks. Witt, who defected to Iran in 2013, is also accused of revealing a highly classified intelligence program related to Iran and the identity of an intelligence officer.

The four Iranians are accused of targeting U.S. military personnel via Facebook and email, sending alluring messages that tried to entice recipients to disable their anti-virus programs and download malicious attachments.

About the Author

Kirk is a veteran journalist who has reported from more than a dozen countries. Based in Sydney, he is Managing Editor for Security and Technology for Information Security Media Group. Prior to ISMG, he worked from London and Sydney covering computer security and privacy for International Data Group. Further back, he covered military affairs from Seoul, South Korea, and general assignment news for his hometown paper in Illinois.
